Skip to content

Let's Encrypt while upgrading nodes #152

New issue
New issue
Open
Open
Let's Encrypt while upgrading nodes#152
@SebastienGardoll

Description

@SebastienGardoll
SebastienGardoll
opened on Jul 28, 2021

Describe the bug

When trying to upgrade from 4.04 to devel or 4.05, with Let's Encrypt on.

`TASK [tomcat : Create Keystore] **************************************************************************************************************************************************************
fatal: [vesgint-idx.ipsl.upmc.fr]: FAILED! => {
"changed": false,
"cmd": "/usr/bin/openssl pkcs12 -export -name my_esgf_node -in /tmp/my_esgf_node.crt -inkey /tmp/my_esgf_node.key -out /tmp/keystore.p12 -passout '********'",
"rc": 1
}

STDERR:

No certificate matches private key

MSG:

No certificate matches private key

fatal: [vesgint-data.ipsl.upmc.fr]: FAILED! => {
"changed": false,
"cmd": "/usr/bin/openssl pkcs12 -export -name my_esgf_node -in /tmp/my_esgf_node.crt -inkey /tmp/my_esgf_node.key -out /tmp/keystore.p12 -passout '********'",
"rc": 1
}

STDERR:

No certificate matches private key

MSG:

No certificate matches private key`

Full log: 6_upgrade_int_to_devel_lets.log

To Reproduce

ansible-playbook -i hosts.int -u root install.yml

idx&idp config:

`ansible_user: root

globushostcert: /root/certs/local_certs/hostcert.pem
globushostkey: /root/certs/local_certs/hostkey.pem

myproxycacert: /root/certs/local_certs/cacert.pem
myproxycakey: /root/certs/local_certs/cakey.pem
myproxy_signing_policy: /root/certs/local_certs/globus_simple_ca_47671b99_setup-0/47671b99.signing_policy

try_letsencrypt: true

globus_user: [NOT SHOWN]
globus_pass: [NOT SHOWN]
register_gridftp: false
register_myproxy: false

configure_centos6_iptables: false
configure_centos7_firewalld: false

mirror_host: distrib-coffee.ipsl.jussieu.fr/pub`

data config:

`ansible_user: root

globushostcert: /root/certs/local_certs/hostcert.pem
globushostkey: /root/certs/local_certs/hostkey.pem

try_letsencrypt: true

globus_user: [NOT SHOWN]
globus_pass: [NOT SHOWN]
register_gridftp: false
register_myproxy: false

configure_centos6_iptables: false
configure_centos7_firewalld: false

mirror_host: distrib-coffee.ipsl.jussieu.fr/pub`

Expected behavior

Installation to complete and working Let's Encrypt certificats and idx and data nodes.

ESGF Node (please complete the following information):

  • Managed OS: Up to date CentOS 7
  • Host OS: Up to date CentOS 7
  • esgf-ansible Version: 4.04
  • Node type: idx, idp and data

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions